refactor: 后端代码重构,提取通用权限验证逻辑至common模块,减少代码冗余
This commit is contained in:
xiamuceer-j
@@ -27,31 +27,12 @@ from app.schemas.career import (
|
||||
from app.services.ai_service import AIService
|
||||
from app.logger import get_logger
|
||||
from app.api.settings import get_user_ai_service
|
||||
from app.api.common import verify_project_access
|
||||
|
||||
router = APIRouter(prefix="/careers", tags=["职业管理"])
|
||||
logger = get_logger(__name__)
|
||||
|
||||
|
||||
async def verify_project_access(project_id: str, user_id: str, db: AsyncSession) -> Project:
|
||||
"""验证用户是否有权访问指定项目"""
|
||||
if not user_id:
|
||||
raise HTTPException(status_code=401, detail="未登录")
|
||||
|
||||
result = await db.execute(
|
||||
select(Project).where(
|
||||
Project.id == project_id,
|
||||
Project.user_id == user_id
|
||||
)
|
||||
)
|
||||
project = result.scalar_one_or_none()
|
||||
|
||||
if not project:
|
||||
logger.warning(f"项目访问被拒绝: project_id={project_id}, user_id={user_id}")
|
||||
raise HTTPException(status_code=404, detail="项目不存在或无权访问")
|
||||
|
||||
return project
|
||||
|
||||
|
||||
@router.get("", response_model=CareerListResponse, summary="获取职业列表")
|
||||
async def get_careers(
|
||||
project_id: str,
|
||||
|
||||
Reference in New Issue
Block a user